Mozilla adds every version of Flash to default Firefox blocklist
Firefox users awoke Tuesday to an update that blocks every version of Adobe's Flash Player from running in the popular open-source browser, a victory for information security efforts following the unprecedented disclosure of numerous critical Flash vulnerabilities.
"All versions of Adobe's Flash Player plugin are currently deactivated by default, until Adobe releases an updated version to address known critical security issues," Mozilla wrote in a support document. Firefox currently accounts for around 16 percent of the worldwide browser market.
Adobe has been forced to grapple with more than two dozen critical Flash Player security flaws this month, including some that weren't discovered until after they were already being actively exploited. The company has pushed four emergency updates since June 9 alone.
Given the scale of the problems, it's not immediately clear when --?or even if -- Flash will be removed from the list.
AppleInsider recommends that Mac users uninstall Flash from their Mac in its entirety and use Google's Chrome browser for any occasional Flash needs that crop up. Failing that, installing the ClickToFlash extension for Safari is a reasonable fallback, and users should always ensure that automatic updates are enabled --?the risk of security failure due to an out-of-date Flash version far outweighs the negligible chance of problems with Adobe's update functionality.
"All versions of Adobe's Flash Player plugin are currently deactivated by default, until Adobe releases an updated version to address known critical security issues," Mozilla wrote in a support document. Firefox currently accounts for around 16 percent of the worldwide browser market.
Adobe has been forced to grapple with more than two dozen critical Flash Player security flaws this month, including some that weren't discovered until after they were already being actively exploited. The company has pushed four emergency updates since June 9 alone.
Given the scale of the problems, it's not immediately clear when --?or even if -- Flash will be removed from the list.
AppleInsider recommends that Mac users uninstall Flash from their Mac in its entirety and use Google's Chrome browser for any occasional Flash needs that crop up. Failing that, installing the ClickToFlash extension for Safari is a reasonable fallback, and users should always ensure that automatic updates are enabled --?the risk of security failure due to an out-of-date Flash version far outweighs the negligible chance of problems with Adobe's update functionality.
Comments
Wow, how far we've come since the days of the pundits proclaiming the iPhone was doomed without Flash support.
Chrome's vaunted sandboxing of Flash doesn't work, it still gets hacked. And then you get Googs phoning home everything you're doing. That's like recommending you cut your finger off to stop your leg from bleeding.
Wow, how far we've come since the days of the pundits proclaiming the iPhone was doomed without Flash support.
I'll never forget the incessant mockery and hatred directed towards Apple and Jobs from every angle (especially the media) about their lack of Flash support and justification. As always, Apple is right, and it just takes a few years for every other gutless company to figure that out. The difference is that Apple is willing to take the heat and make decisions that aren't popular, for the greater good and long term benefits.
I was worried about no FLASH support when I first got my iPhone 4, but it was NEVER once a issue for me. That was kind of shocking. Seems many sites were already showing HTML5 pages to iOS users and the FLASH crap to Windows users at that point in time. When it finally went away with Android 4.0, iOS WON!!! Now it needs to just disappear on Windows and MAC. Just Uninstall it and be done with it. If you go someplace that needs it to work, oh well. If people stop going to them because of FLASH, they'll update their web site is get rid of it. Send a e-mail saying you have removed FLASH and no longer want it on your system and that you can't use their site because they still use it. Everyone just needs to delete it and be done with it.
It's always been complete crap!!! Nothing has changed.
"Firefox users awoke Wednesday..."
Where, in Hong Kong? This article is dated today, Tuesday July 14.
My hope is that those "but but but android supports flash" trolls got the pwnage they deserved. They only made pro-flash arguments because it was a cheap dig against Apple.
Einstein did say time was relative to the observer.
Made my day...
Steve Jobs's Thoughts on Flash, still available at Apple.com, and still a good read:
http://www.apple.com/ca/hotnews/thoughts-on-flash/
"Google and Mozilla have now both pulled support for the plugin on their respective Chrome and Firefox browsers. "
Chrome's vaunted sandboxing of Flash doesn't work, it still gets hacked. And then you get Googs phoning home everything you're doing. That's like recommending you cut your finger off to stop your leg from bleeding.
Does chrome do this? The ToS permit google to obtain your browsing history?
He had far more understanding of the field than the combined press and hordes of self proclaimed computer experts.
Cudos to him.
http://www.digitaltrends.com/mobile/adobe-flash-for-android-gone-with-barely-a-whimper/
"It’s the end of an era: Yesterday, Adobe quietly removed its Flash Player from Google Play, meaning Android device owners will no longer be able to download and install Adobe Flash to access videos, games, and other Flash-based content on the Web."
Flash hasn't been supported on Android since v4.1, a couple of years now, meaning it not applicable to 89% of current users.
Do not enable Flash self installers, they are probably already compromised.
When you do install Flash do it manually and verify the URL and check the certificate and lock symbol.
Also, do not use Chrome, Google cannot be trusted.
"the risk of security failure due to an out-of-date Flash version..."
The big risk is security failure with current Flash version. Adobe continues to update Flash as more and more zero-days are discovered.
Of course Google keeps track of your browsing history unless you turn it off (which you can do). That's the typical default on most browsers isn't it?